Question: User Certificates for MAC's

Add your own question »

For a long time we have just had windows laptops on the internal network and use the user certificate that every one gets enrolled for to permit access to eduraom.

So the basic rule is

EAP-TLS = internal network
PEAP = External (BYOD) device

Now we have more MAcs coming on to the network I am looking for a way to provision the Certs to them. Windows machines are easy just a Group Policy, But can any one suggest an easy way to do MAC's. If possible we don't want to use any 3rd party software, I would like it so that a suer plugs in a network cable and logs on once, the cert is downloaded and the Eduraom set-up. and they can then use it from that point on.

Answers

we're using certs with MACs - but using CloudpathES to ease the deployment. with new Macs (since 10.7) you've got to define profiles with e.g. apple profile tool (aka iPhone enterprise deployment tool) - users cannot define 802.1X profile themselves. there are various other ways/means to do this none of which are nice...which is why we're using a deployment tool for this.

another annoyance, with Macs, is that if the Mac detects its on an 802.1X wired network it just throws open a user/password box before the user has any chance to get something configured profile-wise or other...annoying.

I did try using a mac profile server, and it seems to work for some versions of MAC OS, but not others. Seems impossible to find a way that works with out fail 100% that is simple enough for users to manage.

Also thank you for the heads up about the wired 802.1x I am implementing that at the moment and can see they will be an issue :(